Hello Everyone,
I appreciate any and all input of information. This is my dilemma
I am not sure if this is possible but want to restrict ssh access in a way that a user can login via ssh but i do not want them to be able to ssh from that machine to anywhere else.
For example:
User is on his home laptop --> ssh into workstation with AD credentials ( I already restricted this with winbind ) --> Now the user is in his workstation but he can now ssh to any other computer on the network.
I do not want them to "hop" to any other machine once they are logged into their workstation.
Once again thank you in advance for any tips.
Restrict SSH Access
Re: Restrict SSH Access
Close the firewall for outgoing ssh.
Remove execute bit for /usr/bin/ssh "other". Don't know if this is good practice.
Remove execute bit for /usr/bin/ssh "other". Don't know if this is good practice.
Re: Restrict SSH Access
The latter will not stop from working.
Code: Select all
$ sh /usr/bin/ssh
Re: Restrict SSH Access
It's possible to yum remove openssh-clients but that would stop anyone on there from running ssh/sftp/scp/slogin and ssh-{add,agent,copy-id,keyscan} but that may be an acceptable solution.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke